CVE-2022-22795 Information

Description

Signiant - Manager+Agents XML External Entity (XXE) - Extract internal files of the affected machine An attacker can read all the system files the product is running with root on Linux systems and nt/authority on windows systems which allows him to access and extract any file on the systems such as passwd shadow hosts and so on. By gaining access to these files attackers can steal sensitive information from the victims machine.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Reference

https://www.gov.il/en/departments/faq/cve_advisories

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

HIGH

Base Severity

9.1